Wrangling passwords

Last week, a discussion on passwords took place on a listserv I belong to. Being a shameless thief, I’ll mention some of what was said and add my own input.

Granted, I’ve already blogged on password usage, but this is an evergreen topic, one that people could stand to revisit from time to time.

To use different passwords or not – that is the question

Uh, not really.

Can you use the same password across multiple sites? Only if you want to grant malicious and increasingly talented hackers access to everything you do online. (I really feel for the millions of Sony PlayStation gamers who need to change credit card numbers, passwords and so forth. I hope they used unique passwords.)

Can I write passwords down somewhere?

Maybe. A lot depends on where you write said passwords and whether other people can get at them.

For instance, an encrypted file in an obscure folder on an offline drive sounds fairly secure. A sticky note on your monitor at work, placed in a cubicle dozens of people pass every day on their way to the water cooler? Maybe not, especially if you share a computer with other people.

What makes a password safe?

Ideally a password has some minimum length (this article recommends 12 characters) and is not something anybody can associate with you (like an address, the name of a pet or the type of car you drive). Never use actual words or names.

For good measure, throw punctuation marks and numbers in your passwords.

How can I remember passwords?

Make them memorable, but only to yourself.

One way to do this is mnemonics. For instance, take a song like U2’s “I Still Haven’t Found What I’m Looking For.” You could:

shorten this to the password: ISHFWILF

use a backward mnemonic: FLIWFHSI

use the second letter of each word (which shortens this to 7 letters): TAOHMOO

Just using favourite songs, the possibilities are endless. And you can use so many other things too: favourite quotations, musical scales, the list goes on.
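To make the two pieces of advice above concrete (the length, punctuation and digit rules, and the three song-title mnemonics), here is a small Python script. It is an added example, not code from the original post: it derives the forward, backward and second-letter mnemonics from the U2 title exactly as the post does, then checks a candidate against the post's own rules. The word list is a constructed stand-in for a real dictionary, and the 12-character minimum is the figure the post quotes.

```python
import re
import string

# Song title from the post, used as the sample phrase
SONG = "I Still Haven't Found What I'm Looking For"

# Constructed stand-in for a real dictionary of common words/names
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "sunshine", "football"}


def _words(phrase):
    """Split a phrase into words, keeping only the letters inside each word
    (so "Haven't" becomes "Havent" and "I'm" becomes "Im")."""
    return [re.sub(r"[^A-Za-z]", "", w) for w in phrase.split()]


def first_letters(phrase):
    """First letter of each word: the post's ISHFWILF."""
    return "".join(w[0] for w in _words(phrase) if w).upper()


def backward_mnemonic(phrase):
    """The first-letter mnemonic reversed: the post's FLIWFHSI."""
    return first_letters(phrase)[::-1]


def second_letters(phrase):
    """Second letter of each word; one-letter words such as "I" contribute
    nothing, which is why the post's result (TAOHMOO) has only 7 letters."""
    return "".join(w[1] for w in _words(phrase) if len(w) > 1).upper()


def check_password(password, min_length=12):
    """Return the list of the post's rules that the password fails.
    An empty list means it passes every rule."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if password.lower() in COMMON_WORDS:
        problems.append("is a dictionary word")
    return problems


if __name__ == "__main__":
    for name, fn in (("forward", first_letters),
                     ("backward", backward_mnemonic),
                     ("second letters", second_letters)):
        mnemonic = fn(SONG)
        print(f"{name:15} {mnemonic:10} fails: {check_password(mnemonic)}")
    # The bare mnemonic is too short and has no digit or punctuation;
    # joining two of them and adding a few extra characters satisfies the rules.
    candidate = first_letters(SONG) + "-" + second_letters(SONG) + "#87"
    print(f"{'combined':15} {candidate:20} fails: {check_password(candidate)}")
```

Running it shows why the post adds the punctuation-and-numbers rule on top of the mnemonic: each mnemonic on its own is shorter than 12 characters and contains neither a digit nor a punctuation mark, so it fails the checker until extra characters are added.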

Can I keep a password forever?

You would be better off changing your passwords regularly. Some corporate IT departments force staff to change their passwords once every three months or so, and they prevent staff from reusing previous passwords or simply modifying existing passwords.

Can I reduce the headaches passwords cause?

Certain companies create tools that people can use to manage ever-increasing quantities of passwords. I don’t use any of these tools, so I can’t endorse them, but you might want to check them out for yourself: